Blocking inbound spam issue

Hi
Our Dedicated Server is exl.example.com and we are facing the same problem.
SPF Check is enabled on our server, still spam mails not originating from our server but spoofing the from field as an address of a domain on our server (support@example.com) are coming in. Both the from and to address are this.

I turned SPF check off, and back on and exim was restarted to makesure the SPF check is enabled.
Any idea why this could be happening and what I can do to reject such mails.

Staff Member

Could you verify that you are referring to the "Reject SPF failures" option in "WHM >> Exim Configuration Manager >> Basic Editor"? Also, what's the entry for one of these messages in /var/log/exim_mainlog when it makes it through? EX:

Could you verify that you are referring to the "Reject SPF failures" option in "WHM >> Exim Configuration Manager >> Basic Editor"? Also, what's the entry for one of these messages in /var/log/exim_mainlog when it makes it through? EX:

Code:

exigrep user@domain /var/log/exim_mainlog

Thank you.

Click to expand...

Thanks for looking at this Michael.
1.Yes WHM-EXIM-Exim configuration Manager >> Basic Editor is exactly where I have turned SPF checking on.
2. We received another mail to our domain support@spectral-dt.com
I think the mails dont get rejected as spam because spam-assasin gives it -100 for spoofing the from address to be from the same local domain.

Here is what I found about this in in /var/log/exim_mainlogroot@exl [~]# 2016-03-11 21:19:36 [23309] 1aePJj-00063x-BR H=cm-84.211.31.93.getinternet.no [84.211.31.93]:36406 I=[148.251.254.252]:25 Warning: Message has been scanned: no virus or other harmful content was found
-bash: 2016-03-11: command not found
root@exl [~]# 2016-03-11 21:19:36 [23309] 1aePJj-00063x-BR <= support@cm-84.211.31.93.getinternet.no H=cm-84.211.31.93.getinternet.no [84.211.31.93]:36406 I=[148.251.254.252]:25 P=smtp S=4964 M8S=0 id=000101d17bdf$cbb006f4$c0a80001@cm-84.211.31.93.getinternet.no T="support Your Electricity Bill 1202$" from <support@cm-84.211.31.93.getinternet.no> for support@spectral-dt.com
-bash: =: No such file or directory